AAMO: Another Android Malware Obfuscator

~ Friday, 13 November 2015

A set of code-obfuscation scripts tailored for Android applications. The scripts assume that the original application can be disassembled into Smali.

Usage

$ mkdir dir_with_apks_to_obfuscate/     # fill the dir with some APKs
$ vim obfuscators/obfuscators.py

Set the obfuscator_to_apply variable to define the list of obfuscators you want to apply.

For example:

obfuscator_to_apply = [
    'Resigned',
    'Alignment',
    'Rebuild',
    'Fields',
    'Debug',
    'Indirections',
    'Defunct',
    'StringEncrypt',
    'Renaming',
    'Reordering',
    'Goto',
    'ArithmeticBranch',
    'Nop',
    'Asset',
    'Intercept',
    'Raw',
    'Resource',
    'Lib',
    'Restring',
    'Manifest',
    'Reflection']

You can choose a subset of obfuscators (recommended).

$ python obfuscators/obfuscators.py

Enjoy your obfuscated APKs.

Obfuscation Operators

Support:

Android specific

  • Repackaging
  • Reassembly
  • Re-alignment


Simple control-flow modifications

  • Junk code insertion
  • Debug symbols stripping
  • Defunct code insertion
  • Unconditional jump insertion


Advanced control-flow modifications

  • Call indirection
  • Code reordering
  • Reflection
  • Opaque predicate insertion


Renaming

  • Non-code files and resource renaming
  • Fields and methods renaming
  • Package renaming


Encryption

  • Resource encryption (asset files)
  • Native code encryption
  • Data encryption (strings)
